Category
Security
Release Phase
Resolved
ProductSolaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Bug Id
6332906
Date of Resolved Release13-JUL-2006
Impact
A local or remote unprivileged user may be able to prevent the ypserv(1M) NIS server process from answering NIS name service requests. A Denial of Service (DoS) may occur as clients currently bound to the NIS server may experience hangs or slow performance. Users may no longer be able to log in on affected NIS clients.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 8 without patch 109328-06
- Solaris 9 without patch 113579-09
- Solaris 10 without patch 123186-01
x86 Platform
- Solaris 8 without patch 109329-06
- Solaris 9 without patch 114342-09
- Solaris 10 without patch 122078-02
Symptoms
Should the described issue occur, the NIS server will no longer respond to client NIS requests. The ypserv(1M) process may no longer be running on the NIS server.
In the following example, ypcat(1) is seen to hang and is thus aborted with Control-C. The ypwhich(1) command displays the NIS server which is found to be otherwise alive:
$ ypcat hosts | head
^C
$ ypwhich
yp-server
$ ping yp-server
yp-server is alive
On the NIS server, the ypserv(1M) process can be verified with the following command:
# pgrep ypserv || echo "ypserv not running"
Workaround
To work around the described issue if the NIS server is unresponsive or not running, it can be stopped and restarted by running the following commands (as "root"):
# /usr/lib/netsvc/yp/ypstop
# /usr/lib/netsvc/yp/ypstart
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 8 with patch 109328-06 or later
- Solaris 9 with patch 113579-09 or later
- Solaris 10 with patch 123186-01 or later
x86 Platform
- Solaris 8 with patch 109329-06 or later
- Solaris 9 with patch 114342-09 or later
- Solaris 10 with patch 122078-02 or later
References
123186-01
122078-02
109328-06
113579-09
109329-06
114342-09
AttachmentsThis solution has no attachment